package com.example.common.security;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


/**
 * Description
 *
 * @author hubiao
 * @since 2020-07-29 21:09
 */
@EnableWebSecurity
public class MySecurityConfigurer extends WebSecurityConfigurerAdapter {


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure( auth );
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                //antMatchers是设置路径,通常这里设置的是控制器(controller)上的请求路径，后面的permitAll是允许任何人访问,没有任何限制
                .antMatchers( "/500" ).permitAll()
                .antMatchers( "/403" ).permitAll()
                .antMatchers( "/404" ).permitAll()
                //anyRequest()表示出来上面的
                .anyRequest() //任何其它请求
                .authenticated() //都需要身份认证
                //and()方法类似于xml配置中的结束标签
                .and()
                .formLogin() //使用表单认证方式
                //配置默认登录入口
                .loginProcessingUrl( "/login" )
                .and()
                .csrf().disable();
    }
}
